US7716716B1 - Method and system for architecting enterprise data security - Google Patents

Publication number
US7716716B1
Authority
US
United States
Prior art keywords
enterprise
data element
levels
data
workflow
Legal status
Active, expires
Application number
US10/875,539
Inventor
Kenneth C. Boystun
Current Assignee
T Mobile Innovations LLC
Original Assignee
Sprint Communications Co LP
Application filed by Sprint Communications Co LP
Priority to US10/875,539
Assigned to SPRINT COMMUNICATIONS COMPANY, L.P.: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BOYDSTUN, KENNETH C.
Application granted
Publication of US7716716B1
Assigned to DEUTSCHE BANK TRUST COMPANY AMERICAS: GRANT OF FIRST PRIORITY AND JUNIOR PRIORITY SECURITY INTEREST IN PATENT RIGHTS. Assignors: SPRINT COMMUNICATIONS COMPANY L.P.
Assigned to DEUTSCHE BANK TRUST COMPANY AMERICAS: SECURITY AGREEMENT. Assignors: ASSURANCE WIRELESS USA, L.P., BOOST WORLDWIDE, LLC, CLEARWIRE COMMUNICATIONS LLC, CLEARWIRE IP HOLDINGS LLC, CLEARWIRE LEGACY LLC, ISBV LLC, Layer3 TV, Inc., PushSpring, Inc., SPRINT COMMUNICATIONS COMPANY L.P., SPRINT INTERNATIONAL INCORPORATED, SPRINT SPECTRUM L.P., T-MOBILE CENTRAL LLC, T-MOBILE USA, INC.
Assigned to SPRINT COMMUNICATIONS COMPANY L.P.: TERMINATION AND RELEASE OF FIRST PRIORITY AND JUNIOR PRIORITY SECURITY INTEREST IN PATENT RIGHTS. Assignors: DEUTSCHE BANK TRUST COMPANY AMERICAS
Assigned to T-MOBILE INNOVATIONS LLC: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SPRINT COMMUNICATIONS COMPANY L.P.
Assigned to SPRINTCOM LLC, SPRINT SPECTRUM LLC, CLEARWIRE IP HOLDINGS LLC, LAYER3 TV, LLC, SPRINT COMMUNICATIONS COMPANY L.P., IBSV LLC, SPRINT INTERNATIONAL INCORPORATED, BOOST WORLDWIDE, LLC, CLEARWIRE COMMUNICATIONS LLC, PUSHSPRING, LLC, T-MOBILE CENTRAL LLC, T-MOBILE USA, INC., ASSURANCE WIRELESS USA, L.P.: RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: DEUTSCHE BANK TRUST COMPANY AMERICAS

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00: Administration; Management
    • G06Q10/06: Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling

Definitions

  • The present invention is directed to a method for architecting enterprise data security using a workflow or transaction centric approach to selecting applications or solutions to provide the desired security 32 for the data element 30 across and/or at various levels within the enterprise 10.
  • A component 40 may be identified that is operable for providing the appropriate security 32 for the data element 30 at various levels within the enterprise 10 without the need for the component 40 to secure, for example, all information between or at specific levels within the enterprise to achieve the desired security for only the data element 30.
  • A reference model 42 may define one or more data elements 30 and include definitions of the types 34 of these data elements 30.
  • The reference model 42 may include workflow or transaction related information with regard to each of the data elements 30.
  • The reference model 42 may include information relevant to the workflow and the association or relationship of the workflow to the security 32 required for the data element 30 at or between each level of the enterprise 10.
  • The types 34 may include digital rights management, identity management, as well as personal information such as social security numbers, financial information, such as credit cards and bank account information, and other personal or private information whether for individuals, corporations or other entities.
  • The reference model 42 may also include security 32 requirements which may identify, such as previously described, specifications or objectives, for example, of minimum security requirements for data as the data is passed from different levels or applications within the enterprise 10.
  • The security 32 may specify that a particular item of data, such as the data element 30, be kept secure and that access to such data should be restricted to authorized personnel only.
  • The security 32 may prescribe compliance with legislation, such as limitations on sharing social security numbers based on state regulations, or limitations on sharing health care related information based on federal legislation. These legislative restrictions may be in addition to or separate from a base level security that is generally provided by the enterprise 10.
  • Such security requirements may be identified and promulgated internally by the enterprise 10, or may be issued by a number of sources, such as legislation, administrative bodies, private individuals or corporations, or required by individual customers.
  • The vertical view of the data and workflow centric analysis for selection of component 40 may identify various aspects of the workflow, and the relationship of the security 32 for the relevant data element 30.
  • This information may be maintained by the reference model 42 and may include whether the information is communicated, displayed, stored, processed, and whether the information or data will otherwise be received or passed to individuals within or outside of the organization or enterprise 10.
  • The different applications, components, or levels that process the relevant data and the relationship to business processes, applications or other systems that will be affected by any implementation to achieve compliance with the security 32 requirements should also be recognized.
  • The reference model 42 may be created based on, and may include, the above described requirements, objectives, and information gathered by monitoring the workflow of the relevant data, such as data elements 30.
  • The reference model 42 may include the definitions of the security 32 related requirements, which may be used to identify and achieve the business requirements at each level of the workflow.
  • Components may be selected that achieve all or most of the security 32 requirements without unnecessarily securing other data. Further by focusing on such a workflow related analysis of enterprise data security for selection of component 40, the appropriate component 40 may be more readily identified, selected, and integrated with a higher degree of successful implementation.
  • The present disclosure may be used for architecting data security for multiple data elements 30, one or more having different enterprise 10 workflows. In this instance, the present disclosure provides the architect with sufficient detail regarding the levels of the enterprise 10 and associated workflow to select components 40 that integrate and cooperate more seamlessly than security components architected individually.
  • FIG. 2 illustrates a method 50 for architecting enterprise data security.
  • The method includes, at a block 52, analyzing the enterprise 10, which includes a plurality of levels of the enterprise 10 and a workflow of data involved in transactions at the plurality of levels.
  • The method includes analyzing a data element, such as the data element 30, which includes a security requirement, such as the security 32.
  • The method includes providing a reference model, such as the reference model 42 which includes the data element 30 defined using at least a portion of the security 32 and at least a portion of the workflow related to the data element 30.
  • A vertical component of the data element 30 is determined using the reference model 42.
  • The vertical component identifies the security 32 required for the data element 30 based on the workflow for each of the plurality of levels of the enterprise 10.
  • The method includes identifying a technical component operable to provide the security 32 for the data element 30.
  • The technical component may be identified based on the present method 50 by using at least the portion of the workflow defined in the reference model 42 and the security 32 required for the data element 30.
  • This analysis is operable to identify the security, communications, applications, and systems operating between each level of the enterprise 10.
  • The analysis is further operable to select one or more components 40 capable of providing the desired security for the one or more data elements 30 across these levels of the enterprise 10.
  • This workflow centered functionality differs from an isolated view of a specific level of the enterprise 10 and related data security.
  • An isolated view promotes providing data security at a fixed or static level or location within the enterprise 10.
  • The present embodiment provides for selection of the technical component 40 based on an analysis of the workflow between one or more of the enterprise levels, such as between a first and a second level of the enterprise, or between several or all of the levels within the enterprise.
  • The present disclosure may be used for selection of one or more components 40 to secure a plurality of related or unrelated data elements 30, whether or not the data elements have similar security 32 requirements. Further, the selected component 40 may provide the security 32 for the data element 30 during communication between levels within the enterprise 10, as well as at a particular level within the enterprise 10, such as securely storing data at one or more of the levels within the enterprise 10.
  • A first data element may be secured by the component 40, while the selected component 40 may be operable to provide a second data element not requiring any security 32 in a native state.
  • The native state of the data element may be a nonsecure, unencrypted state such that users of the enterprise or others may readily ascertain the content of the second data element.
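
The method of FIG. 2 and the native-state case, sketched as an added example that is not part of the patent text: a reference model maps each data type to the workflow steps that need protection, the vertical component is derived per data element, and components are chosen to cover it. The component catalog, the element names and the `selective` flag are assumptions made for illustration; the level names follow FIG. 1.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Element:
    name: str
    dtype: str        # the "type 34" of the data element
    workflow: tuple   # steps: (a, a) = held at level a, (a, b) = sent from a to b

@dataclass(frozen=True)
class Component:
    name: str
    covers: frozenset  # workflow steps this component can protect
    selective: bool    # True: protects only the elements it is pointed at

# Reference model (constructed): data type -> kinds of step needing protection.
REFERENCE_MODEL = {"ssn": {"transit", "rest"}, "health": {"transit"}, "public": set()}

FW, WEB, APP, DB = "firewall", "web_server", "app_server", "data_store"
ELEMENTS = [
    Element("ssn", "ssn", ((FW, WEB), (WEB, APP), (APP, DB), (DB, DB))),
    Element("claim_id", "health", ((WEB, APP), (APP, APP))),
    Element("banner", "public", ((FW, WEB), (WEB, WEB))),   # needs no security
]
# Hypothetical catalog: per-level products that protect everything they see ...
PER_LEVEL = [
    Component("tls_fw_web", frozenset({(FW, WEB)}), False),
    Component("tls_web_app", frozenset({(WEB, APP)}), False),
    Component("tls_app_db", frozenset({(APP, DB)}), False),
    Component("disk_encryption", frozenset({(DB, DB)}), False),
]
# ... and one component that follows chosen elements across all levels.
FIELD = Component("field_encryption",
                  frozenset({(FW, WEB), (WEB, APP), (APP, DB), (DB, DB)}), True)

def kind(step):
    return "rest" if step[0] == step[1] else "transit"

def vertical_component(el, model):
    """Steps of el's workflow where the reference model demands security."""
    required = model[el.dtype]
    return [s for s in el.workflow if kind(s) in required]

def select_components(elements, model, catalog):
    """Greedy cover of every required (element, step) pair.

    Selective components are preferred, so data without a requirement is
    left alone whenever the catalog allows it."""
    needs = {(e.name, s) for e in elements for s in vertical_component(e, model)}
    chosen = []
    while needs:
        gain = {c: sum(1 for _, s in needs if s in c.covers) for c in catalog}
        candidates = [c for c in catalog if gain[c] > 0]
        if not candidates:
            raise ValueError(f"no component covers {sorted(needs)}")
        best = max(candidates, key=lambda c: (c.selective, gain[c]))
        chosen.append(best)
        needs = {(n, s) for n, s in needs if s not in best.covers}
    return chosen

def states(elements, model, chosen):
    """Per element, the state of the data at each workflow step."""
    out = {}
    for e in elements:
        required = set(vertical_component(e, model))
        row = []
        for s in e.workflow:
            covering = [c for c in chosen if s in c.covers]
            if s in required:
                row.append("secured" if covering else "UNMET")
            elif any(not c.selective for c in covering):
                row.append("secured-unnecessarily")
            else:
                row.append("native")
        out[e.name] = row
    return out

def demo():
    """Return (components, states) for the vertical and the per-level view."""
    vertical = select_components(ELEMENTS, REFERENCE_MODEL, PER_LEVEL + [FIELD])
    per_level = select_components(ELEMENTS, REFERENCE_MODEL, PER_LEVEL)
    return ((vertical, states(ELEMENTS, REFERENCE_MODEL, vertical)),
            (per_level, states(ELEMENTS, REFERENCE_MODEL, per_level)))

if __name__ == "__main__":
    for label, (comps, st) in zip(("vertical", "per-level"), demo()):
        print(label, [c.name for c in comps])
        for name, row in st.items():
            print("   ", name, row)
```

With the selective component in the catalog a single component covers both secured elements and the `banner` element stays native; with only per-level components, four are needed and `banner` is encrypted on the firewall-to-web link although nothing requires it.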

Abstract

A method for architecting enterprise data security solutions for an enterprise having multiple levels is provided. The method includes analyzing the enterprise levels and a workflow related to the plurality of levels and analyzing a data element having a security requirement. The method includes providing a reference model including the data element. The reference model associates the data element and the security requirement with the workflow. The method includes determining a vertical component of the data element using the reference model. The vertical component identifies the security requirement for the data element based on the workflow for each of the plurality of levels of the enterprise. The method includes identifying a technical component using the reference model and the vertical component. The technical component is operable to provide the security requirement of the data element for the workflow across each of the plurality of levels of the enterprise.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS
None.
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
Not applicable.
REFERENCE TO A MICROFICHE APPENDIX
Not applicable.
FIELD OF THE INVENTION
The present disclosure relates to a method and system for securing data, and more particularly, but not by way of limitation, to a method and system for architecting enterprise data security to identify enterprise components.
BACKGROUND
Securing data is an important aspect of any enterprise or application. The challenges in securing data in a particular system continue to change, however. In a given environment, it may be necessary to secure all data at multiple levels of a particular application, whereas in other environments, it may be necessary to secure only particular data throughout all levels of the application. Thus, there exists a need for security implementations that provide all of the necessary security for a given system, and yet maintain sufficient flexibility and efficiency so that the security is implemented only on data requiring such security.
SUMMARY
In one embodiment, the present disclosure provides a method for architecting enterprise data security solutions for an enterprise having multiple levels. The method includes analyzing an enterprise having a plurality of levels and a workflow related to the plurality of levels. The method includes analyzing a data element having a security requirement. The method includes providing a reference model including the data element. The reference model associates the data element and the security requirement with the workflow. The method includes determining a vertical component of the data element using the reference model. The vertical component identifies the security requirement for the data element based on the workflow for each of the plurality of levels of the enterprise. The method includes identifying a technical component using the reference model and the vertical component. The technical component is operable to provide the security requirement of the data element for the workflow across each of the plurality of levels of the enterprise.
In another embodiment, a method of securing data across multiple levels of an enterprise is provided. The method includes providing an enterprise having a plurality of horizontal levels and identifying a data element to be secured. The data element to extend through the plurality of horizontal levels of the enterprise. The extension of the data element through the plurality of horizontal levels of the enterprise defined by a workflow. The method includes providing a reference model including a data type and a security requirement for the data element. The security requirement related to securing the data element across the plurality of the horizontal levels of the enterprise. The reference model also associates the data element with the workflow. The method also includes using the workflow and the security requirement associated with the data element provided by the reference model to identify a component operable to secure the data element across the plurality of horizontal levels of the enterprise as provided by the reference model.
In another embodiment, a method for architecting enterprise data security is provided. The method includes identifying a first data element, a second data element, and a third data element. The method includes identifying a first and second workflow. The first workflow related to the first data element across a plurality of levels of an enterprise and the second workflow related to the second data element across at least some of the plurality of levels of the enterprise. The method includes providing a reference model including a first security requirement for the first data element and a second security requirement for the second data element. The first and second security requirements related to securing the first and second data elements across the plurality of the levels of the enterprise. The method also includes determining a vertical component of the first and second data elements using the reference model. The vertical component identifies the first and second security requirements for the first and second data elements based on the first and second workflows, respectively, for each of the plurality of levels of the enterprise. The method further includes using the reference model and the vertical components of the first and second data elements to identify one or more components. The components are operable to provide the first and second data elements according to the first and second security requirements, respectively, at the plurality of levels of the enterprise. The one or more components are also operable to provide the third data element in a native state.
These and other features and advantages will be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings and claims.
BRIEF DESCRIPTION OF THE DRAWINGS
For a more complete understanding of the presentation and the advantages thereof, reference is now made to the following brief description, taken in connection with the accompanying drawings and detailed description, wherein like reference numerals represent like parts.
FIG. 1 is a diagram, according to an embodiment of the present disclosure, of an enterprise and a reference model having a data element with a component shown for providing the data element to the enterprise according to the reference model.
FIG. 2 is a flow chart illustrating an embodiment of a method for architecting enterprise data security.
DETAILED DESCRIPTION OF THE SEVERAL EMBODIMENTS
It should be understood at the outset that although an exemplary implementation of one embodiment of the presently claimed system and method is illustrated below, the present system and method may be implemented using any number of techniques, whether currently known or in existence. The present disclosure should in no way be limited to the exemplary implementations, drawings, and techniques illustrated below, including the exemplary design and implementation illustrated and described herein, but may be modified within the scope of the appended claims along with their full scope of equivalents. Moreover, those skilled in the art will appreciate that many of the elements and functional steps described herein can be implemented by any number of means, including discrete components, processors executing machine code, or any combination thereof. Furthermore, it is understood that the components and steps described herein can be substituted for, or omitted altogether, in accordance with known customs and practices and the knowledge of those skilled in the art.
An enterprise may be thought of as having multiple horizontal levels where data transactions occur. Enterprise architects view data security on a level-by-level basis and select solutions for securing data at each of the levels of the enterprise. The architect determines the amount or type of data security needed at a specific level of the enterprise and then selects a component or application capable of providing the desired security for the data at that particular level. Frequently, this strategy results in multiple components, each at a different level of the enterprise, each providing security for the same element of data. Also, the components may not discriminate which data they secure, with the result that all the data at a particular level of the enterprise is secured. It can be seen that this technique may be inefficient and costly.
The present disclosure provides for identifying the data, which may be one or more data elements to be secured, and the workflow or transactions involving the data at multiple levels of the enterprise. This provides the architect with a vertical view of the data to be secured based on the workflow involving the data throughout various levels of the enterprise. This vertical view illuminates the data as it passes through the enterprise levels or tiers and may identify, for example, enterprise applications or systems operating or invoked between levels, not only those operating at a particular level. This view of the data and identification of these additional applications and systems will generally provide a significantly different set of requirements for the solutions needed to provide data security than requirements for securing data at a single enterprise level. The architect may then identify solutions or components that provide the required security for only the desired data, but across the multiple levels of the enterprise.
FIG. 1 illustrates an exemplary enterprise 10 having a perimeter 12 which may include a firewall 14 and a web server 16. The enterprise 10 also includes an internal enterprise 18 which may include one or more application servers 20 in communication with one or more data stores 22. The firewall 14 may be a standard firewall system or software operable for securing communications between the enterprise and, for example, the Internet. The firewall 14 may be coupled or communicate with the web server 16, which may include or maintain one or more web based applications of the enterprise 10. The web servers 16 are operable for managing web-based enterprise applications that function, for example, to access data stored in the data stores 22 of the internal enterprise 18. The firewall 14 also communicates, such as via an internal network, with the one or more application servers 20. The application servers 20 and data stores 22 may include applications, systems, and data that support operations of the business.
The perimeter 12 and internal enterprise 18, as well as the firewall 14, web server 16, one or more application servers 20, and one or more data stores 22 may be viewed or thought of as one or more levels of the enterprise 10 between which workflow, such as transaction flows, takes place. The workflow or transaction flow, which may include data (corresponding to system events) related to these transactions, may be analyzed, viewed, or modeled as occurring at or between the various levels, such as communicating data between the firewall 14 and the web server 16, as well as occurring at a particular level within the enterprise 10, such as storing data at the data store 22.
Data, such as a data element 30, may be involved in various transactions at or between enterprise 10 levels and may require certain levels of security 32 for business and/or other reasons. The security 32 may define, for example, encryption levels and password protection depending upon the status of the data at each level of the enterprise 10, such as whether it is stored or communicated in an encrypted or unencrypted state. The security 32 may also depend on the type 34 of the data element 30. The type 34 may identify the specific type or classification of data, such as name or social security number, or may be a generic category such as privacy information, personal information, health related information, or other categories.
Typically, security of information is relative to a particular location within the enterprise, such as between or at a particular level of the enterprise 10. Specifically, security 32 determinations with regard to data elements 30, such as social security numbers at the web server level 16, are generally made only with regard to that level. Security solutions for the enterprise 10, such as security applications, are frequently identified, selected, integrated, and used based on the specific application's ability to provide the necessary security for the particular type of data at that specific level of the enterprise 10. Solutions selected in this manner, such as a secure socket layer (SSL), enable the firewall 14 to successfully provide all information over an encrypted connection. However, this may be inefficient since not all the data at or between the enterprise levels may need this amount of security.
According to one embodiment, the present invention is directed to a method for architecting enterprise data security using a workflow or transaction centric approach to selecting applications or solutions to provide the desired security 32 for the data element 30 across and/or at various levels within the enterprise 10. Using the approach provided according to the present embodiment, a component 40 may be identified that is operable for providing the appropriate security 32 for the data element 30 at various levels within the enterprise 10 without the need for the component 40 to secure, for example, all information between or at specific levels within the enterprise to achieve the desired security for only the data element 30.
According to one embodiment, a reference model 42 is provided which may define one or more data elements 30 and include definitions of the types 34 of these data elements 30. The reference model 42 may include workflow or transaction related information with regard to each of the data elements 30. For example, the reference model 42 may include information relevant to the workflow and the association or relationship of the workflow to the security 32 required for the data element 30 at or between each level of the enterprise 10. In one embodiment, the types 34 may include digital rights management, identity management, as well as personal information such as social security numbers, financial information, such as credit cards and bank account information, and other personal or private information whether for individuals, corporations or other entities.
The reference model 42 may also include security 32 requirements which may identify, such as previously described, specifications or objectives, for example, of minimum security requirements for data as the data is passed from different levels or applications within the enterprise 10. For example, the security 32 may specify that a particular item of data, such as the data element 30, be kept secure and that access to such data should be restricted to authorized personnel only. Furthermore, the security 32 may prescribe compliance with legislation, such as limitations on sharing social security numbers based on state regulations, or limitations on sharing health care related information based on federal legislation. These legislative restrictions may be in addition to or separate from a base level security that is generally provided by the enterprise 10. Such security requirements may be identified and promulgated internally by the enterprise 10, or may be issued by a number of sources, such as legislation, administrative bodies, private individuals or corporations, or required by individual customers.
The vertical view of the data and workflow centric analysis for selection of component 40 may identify various aspects of the workflow, and the relationship of the security 32 for the relevant data element 30. This information may be maintained by the reference model 42 and may include whether the information is communicated, displayed, stored, processed, and whether the information or data will otherwise be received or passed to individuals within or outside of the organization or enterprise 10. The different applications, components, or levels that process the relevant data and the relationship to business processes, applications or other systems that will be affected by any implementation to achieve compliance with the security 32 requirements should also be recognized. The reference model 42 may be created based on, and may include, the above described requirements, objectives, and information gathered by monitoring the workflow of the relevant data, such as data elements 30. The reference model 42 may include the definitions of the security 32 related requirements, which may be used to identify and achieve the business requirements at each level of the workflow.
By using the reference model 42 to identify the vertical flow of the data through levels of the enterprise 10, components may be selected that achieve all or most of the security 32 requirements without unnecessarily securing other data. Further, by focusing on such a workflow related analysis of enterprise data security for selection of component 40, the appropriate component 40 may be more readily identified, selected, and integrated with a higher degree of successful implementation.
According to one embodiment, only the relevant data, such as data element 30, is identified and secured at each of the various layers of the enterprise 10, as necessary. Also, the present disclosure may be used for architecting data security for multiple data elements 30, one or more having different enterprise 10 workflows. In this instance, the present disclosure provides the architect with sufficient detail regarding the levels of the enterprise 10 and associated workflow to select components 40 that integrate and cooperate more seamlessly than security components architected individually.
FIG. 2 illustrates a method 50 for architecting enterprise data security. The method includes, at a block 52, analyzing the enterprise 10, which includes a plurality of levels of the enterprise 10 and a workflow of data involved in transactions at the plurality of levels. At a block 54, the method includes analyzing a data element, such as the data element 30, which includes a security requirement, such as the security 32. At a block 56, the method includes providing a reference model, such as the reference model 42 which includes the data element 30 defined using at least a portion of the security 32 and at least a portion of the workflow related to the data element 30.
At a block 58, a vertical component of the data element 30 is determined using the reference model 42. The vertical component identifies the security 32 required for the data element 30 based on the workflow for each of the plurality of levels of the enterprise 10. At a block 60, the method includes identifying a technical component operable to provide the security 32 for the data element 30. The technical component may be identified based on the present method 50 by using at least the portion of the workflow defined in the reference model 42 and the security 32 required for the data element 30. This analysis is operable to identify the security, communications, applications, and systems operating between each level of the enterprise 10. The analysis is further operable to select one or more components 40 capable of providing the desired security for the one or more data elements 30 across these levels of the enterprise 10.
It will be appreciated that this workflow centered functionality differs from an isolated view of a specific level of the enterprise 10 and related data security. An isolated view promotes providing data security at a fixed or static level or location within the enterprise 10, whereas the present embodiment provides for selection of the technical component 40 based on an analysis of the workflow between one or more of the enterprise levels, such as between a first and a second level of the enterprise, or between several or all of the levels within the enterprise.
Although only a single data element 30 has been discussed, it will be appreciated that the present disclosure may be used for selection of one or more components 40 to secure a plurality of related or unrelated data elements 30, whether or not the data elements have similar security 32 requirements. Further, the selected component 40 may provide the security 32 for the data element 30 during communication between levels within the enterprise 10, as well as at a particular level within the enterprise 10, such as securely storing data at one or more of the levels within the enterprise 10.
It will be appreciated that a first data element may be secured by the component 40, while the selected component 40 may be operable to provide a second data element not requiring any security 32 in a native state. The native state of the data element may be a nonsecure, unencrypted state such that users of the enterprise or others may readily ascertain the content of the second data element.
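The method 50 (blocks 52 to 60) and the native-state case above, sketched as an added Python example; it is not code from the patent. The level names follow FIG. 1, while the class names, control names, candidate components (`link_tls`, `field_crypto`, `store_acl`), sample data elements and the greedy selection strategy are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Step:
    """One workflow step: a transfer between two levels, or an action at one level."""
    src: str
    dst: str      # equal to src for an action at a single level
    action: str   # e.g. "communicate" or "store"


@dataclass(frozen=True)
class DataElement:
    name: str
    dtype: str        # type 34, e.g. "ssn"
    workflow: tuple   # ordered Steps the element takes part in


@dataclass(frozen=True)
class Component:
    name: str
    controls: frozenset   # controls the component can apply
    steps: frozenset      # (src, dst) pairs where it can operate
    per_element: bool     # True: acts only on elements that require the control


# Constructed sample enterprise: levels from FIG. 1, workflow invented for the example.
HOPS = (("firewall", "web_server"), ("web_server", "app_server"),
        ("app_server", "data_store"))
AT_REST = ("data_store", "data_store")
WORKFLOW = tuple(Step(a, b, "communicate") for a, b in HOPS) + (Step(*AT_REST, "store"),)

SSN = DataElement("customer_ssn", "ssn", WORKFLOW)
TITLE = DataElement("page_title", "public", WORKFLOW)

# Reference model 42: per data type, the security 32 required for each kind of step.
REFERENCE_MODEL = {
    "ssn": {"communicate": {"encrypt"}, "store": {"encrypt", "restrict_access"}},
    "public": {},
}

# Hypothetical candidates: one single-level, channel-wide; two per-element.
LINK_TLS = Component("link_tls", frozenset({"encrypt"}), frozenset({HOPS[0]}), False)
FIELD_CRYPTO = Component("field_crypto", frozenset({"encrypt"}),
                         frozenset(HOPS) | {AT_REST}, True)
STORE_ACL = Component("store_acl", frozenset({"restrict_access"}),
                      frozenset({AT_REST}), True)
CANDIDATES = (LINK_TLS, FIELD_CRYPTO, STORE_ACL)


def vertical_component(element, model):
    """Blocks 56-58: the requirement for the element at every step of its workflow."""
    rules = model.get(element.dtype, {})
    return {step: frozenset(rules.get(step.action, ())) for step in element.workflow}


def needs(element, model):
    """Flatten the vertical component into (src, dst, control) obligations."""
    vertical = vertical_component(element, model)
    return {(s.src, s.dst, c) for s, ctrls in vertical.items() for c in ctrls}


def offers(component):
    """Every (src, dst, control) obligation a component is able to satisfy."""
    return {(src, dst, c) for (src, dst) in component.steps for c in component.controls}


def identify_components(element, model, candidates):
    """Block 60: greedy cover of the obligations, using only per-element components
    so that data without a requirement stays in its native state."""
    remaining = needs(element, model)
    usable = [c for c in candidates if c.per_element]
    selected = []
    while remaining:
        best = max(usable, key=lambda c: len(offers(c) & remaining), default=None)
        if best is None or not offers(best) & remaining:
            break  # nothing left that helps; caller sees the gap in `remaining`
        selected.append(best.name)
        remaining -= offers(best)
    return selected, remaining


def applied_controls(element, step, deployed, model):
    """Controls an element actually receives at a step from the deployed components."""
    wanted = vertical_component(element, model).get(step, frozenset())
    out = set()
    for comp in deployed:
        if (step.src, step.dst) in comp.steps:
            # Per-element components apply only what the element requires;
            # a channel-wide component applies its controls to everything.
            out |= (comp.controls & wanted) if comp.per_element else comp.controls
    return out


if __name__ == "__main__":
    chosen, gap = identify_components(SSN, REFERENCE_MODEL, CANDIDATES)
    print("selected:", chosen, "uncovered:", gap)
```

A non-empty second return value from `identify_components` lists the steps at which no candidate meets the requirement, which is the gap an isolated single-level review would not surface.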
While several embodiments have been provided in the present disclosure, it should be understood that the presently described system and method may be embodied in many other specific forms without departing from the spirit or scope of the present disclosure. The present examples are to be considered as illustrative and not restrictive, and the intention is not to be limited to the details given herein, but may be modified within the scope of the appended claims along with their full scope of equivalents. For example, the various elements or components may be combined or integrated in another system or certain features may be omitted, or not implemented.
Also, techniques, systems, subsystems and methods described and illustrated in the various embodiments as discrete or separate may be combined or integrated with other systems, modules, techniques, or methods without departing from the scope of the present disclosure. Other items shown as directly coupled or communicating with each other may be coupled through some interface or device, such that the items may no longer be considered directly coupled to each other but may still be indirectly coupled and in communication with one another. Other examples of changes, substitutions, and alterations are ascertainable by one skilled in the art and could be made without departing from the spirit and scope disclosed herein.

Claims (24)

1. A method for architecting enterprise data security solutions for an enterprise having multiple levels, comprising:
identifying by a processor a data element and an associated security requirement;
determining by a processor an enterprise workflow for the data element across a plurality of enterprise levels wherein at least two of the plurality of enterprise levels comprise different machines;
creating by a processor a reference model for the data element, wherein the reference model associates the data element and the security requirement with the enterprise workflow wherein the reference model includes information about a relationship of the workflow to the security requirement for the data element and of a relationship of the security requirement for the data element to each of the plurality of enterprise levels;
determining by a processor a vertical component of the data element using the reference model, the vertical component identifying the security requirement for the data element for each of the plurality of enterprise levels in the enterprise workflow; and
identifying by a processor a technical component using the reference model and the vertical component, the technical component configured to provide the security requirement of the data element for at least two of the plurality of levels of the enterprise in the enterprise workflow, wherein at least one other data element remains unaffected by operation of the technical component to implement the security requirement.
2. The method of claim 1, further comprising selecting the technical component for use by the enterprise, and wherein the technical component is selected substantially based on a workflow centered functionality of the technical component to provide the security requirement of the data element.
3. The method of claim 1, wherein the identifying the technical component is based on a workflow centric analysis of providing the security requirement for the data element.
4. The method of claim 1, further comprising selecting the technical component for use by the enterprise, and wherein the selection of the technical component is based on an analysis of the enterprise workflow between one or more of the levels of the enterprise.
5. The method of claim 1, wherein the at least portion of the enterprise workflow is defined as the enterprise workflow related to the data element and the security requirement for the data element between at least a first and second levels of the enterprise.
6. The method of claim 1, wherein the at least portion of the enterprise workflow is defined as the enterprise workflow related to providing the security requirement for the data elements between each of the plurality of enterprise levels between which the data element is provided.
7. The method of claim 1, wherein the enterprise workflow is defined as transactions related to the data element.
8. The method of claim 1, wherein the technical component is configured to secure the data element as required by the security requirement, and wherein the security requirement requires secure storage of the data element at one or more of the plurality of enterprise levels.
9. The method of claim 8, wherein the technical component promotes storage of other data elements but securely stores only the data element having the security requirement, and wherein the security requirement is defined as a privacy related risk.
10. The method of claim 1, wherein the technical component is configured to secure the data element as required by the security requirement, and wherein the security requirement requires secure communication of the data element between at least a first and second levels of the enterprise.
11. The method of claim 10, wherein the technical component promotes communication of other data elements between the first and second levels of the enterprise, but securely communicates only the data element having the security requirement.
12. A method for architecting enterprise data security, comprising:
identifying by a processor a first data element, a second data element, and a third data element;
identifying by a processor a first and second workflow, the first workflow related to the first data element across a plurality of levels of an enterprise and the second workflow related to the second data element across at least some of the plurality of levels of the enterprise wherein at least two of the plurality of enterprise levels comprise different machines;
providing by a processor a reference model including a first security requirement for the first data element and a second security requirement for the second data element, the first and second security requirements related to securing the first and second data elements for at least two of the plurality of the levels of the enterprise wherein the reference model includes information about a relationship of the first workflow to the first security requirement for the first data element and information about a relationship of the second workflow to the second security requirement for the second data element;
determining by a processor a vertical component of the first and second data elements using the reference model, the vertical component identifying the first and second security requirements for the first and second data elements based on the first and second workflows, respectively, for each of the plurality of levels of the enterprise; and
using the reference model and the vertical components of the first and second data element to identify one or more components configured to provide the first and second data elements according to the first and second security requirements, respectively, for at least two of the plurality of levels of the enterprise, the one or more components further configured to provide the third data element in a native state.
13. The method of claim 12, wherein the native state of the third data element is further defined as a non-secure state.
14. The method of claim 12, wherein the component is configured to encrypt the first data element and further configured to maintain the third data element in a non-encrypted state for providing the first and third data elements across the plurality of levels of the enterprise.
15. The method of claim 14, wherein providing the first and third data elements across the plurality of levels of the enterprise is further defined as storing the first and third data elements at a storage level of the enterprise.
16. The method of claim 14, wherein providing the first and third data elements across the plurality of levels of the enterprise is further defined as communicating the first and third data elements between a first and a second level within the enterprise.
17. A system for architecting enterprise data security solutions for an enterprise having multiple levels, comprising:
an application stored as a set of computer readable instructions in a computer readable storage media and executable by a processor;
a data store in a computer readable storage media;
a data element residing on the data store used by the application;
a reference model stored in a computer readable storage media and comprising an association of a data element type and a data element security requirement with a defined enterprise workflow of the data element across a plurality of enterprise levels wherein the reference model includes information about a relationship of the workflow to the data element security requirement;
a vertical aggregation unit stored as a set of computer readable instructions in a computer readable storage media and executable by a processor that determines a vertical component of the data element using the reference model, wherein the vertical component identifies the security requirement for the data element for each of the plurality of enterprise levels in the enterprise workflow wherein at least two of the plurality of enterprise levels comprise separate machines; and
an identifying unit stored as a set of computer readable instructions in a computer readable storage media and executable by a processor that identifies a technical component using the reference model wherein the technical component is a component operable to provide the security requirement of the data element for the defined enterprise workflow.
18. The system of claim 17, wherein the defined enterprise workflow is further defined as the defined enterprise workflow relating the data element and the data element security requirement between at least a first level and a second level of the enterprise.
19. The system of claim 18, wherein the first level comprises the application.
20. The system of claim 18, wherein the second level comprises one of a web server, an application server, and a firewall.
21. The system of claim 17, wherein the defined enterprise workflow is further defined as transactions related to the data element.
22. The system of claim 17, wherein the technical component is configured to secure the data element as required by the security requirement and wherein the security requirement requires storage of the data element at one or more of a plurality of levels within the enterprise.
23. The system of claim 22, wherein the technical component promotes storage of other data elements while only imposing the security requirement on the data element having the security requirement.
24. The system of claim 23, wherein the security requirement is defined as a privacy related risk.
US10/875,539 2004-06-24 2004-06-24 Method and system for architecting enterprise data security Active 2028-05-01 US7716716B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/875,539 US7716716B1 (en) 2004-06-24 2004-06-24 Method and system for architecting enterprise data security

Publications (1)

Publication Number Publication Date
US7716716B1 true US7716716B1 (en) 2010-05-11

Family

ID=42139491

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/875,539 Active 2028-05-01 US7716716B1 (en) 2004-06-24 2004-06-24 Method and system for architecting enterprise data security

Country Status (1)

Country Link
US (1) US7716716B1 (en)

Legal Events

Date Code Title Description
AS Assignment

Owner name: SPRINT COMMUNICATIONS COMPANY, L.P., KANSAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BOYDSTUN, KENNETH C.;REEL/FRAME:015518/0410

Effective date: 20040623

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: DEUTSCHE BANK TRUST COMPANY AMERICAS, NEW YORK

Free format text: GRANT OF FIRST PRIORITY AND JUNIOR PRIORITY SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:SPRINT COMMUNICATIONS COMPANY L.P.;REEL/FRAME:041895/0210

Effective date: 20170203

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552)

Year of fee payment: 8

AS Assignment

Owner name: SPRINT COMMUNICATIONS COMPANY L.P., KANSAS

Free format text: TERMINATION AND RELEASE OF FIRST PRIORITY AND JUNIOR PRIORITY SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:052969/0475

Effective date: 20200401

Owner name: DEUTSCHE BANK TRUST COMPANY AMERICAS, NEW YORK

Free format text: SECURITY AGREEMENT;ASSIGNORS:T-MOBILE USA, INC.;ISBV LLC;T-MOBILE CENTRAL LLC;AND OTHERS;REEL/FRAME:053182/0001

Effective date: 20200401

AS Assignment

Owner name: T-MOBILE INNOVATIONS LLC, KANSAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SPRINT COMMUNICATIONS COMPANY L.P.;REEL/FRAME:055604/0001

Effective date: 20210303

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12

AS Assignment

Owner name: SPRINT SPECTRUM LLC, KANSAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001

Effective date: 20220822

Owner name: SPRINT INTERNATIONAL INCORPORATED, KANSAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001

Effective date: 20220822

Owner name: SPRINT COMMUNICATIONS COMPANY L.P., KANSAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001

Effective date: 20220822

Owner name: SPRINTCOM LLC, KANSAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001

Effective date: 20220822

Owner name: CLEARWIRE IP HOLDINGS LLC, KANSAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001

Effective date: 20220822

Owner name: CLEARWIRE COMMUNICATIONS LLC, KANSAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001

Effective date: 20220822

Owner name: BOOST WORLDWIDE, LLC, KANSAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001

Effective date: 20220822

Owner name: ASSURANCE WIRELESS USA, L.P., KANSAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001

Effective date: 20220822

Owner name: T-MOBILE USA, INC., WASHINGTON

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001

Effective date: 20220822

Owner name: T-MOBILE CENTRAL LLC, WASHINGTON

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001

Effective date: 20220822

Owner name: PUSHSPRING, LLC, WASHINGTON

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001

Effective date: 20220822

Owner name: LAYER3 TV, LLC, WASHINGTON

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001

Effective date: 20220822

Owner name: IBSV LLC, WASHINGTON

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001

Effective date: 20220822